Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Trojanische Pferd TR/Ransom.Foreign.dtbb

Trojanische Pferd TR/Ransom.Foreign.dtbb


Log-Analyse und Auswertung: Trojanische Pferd TR/Ransom.Foreign.dtbb

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 18.06.2013, 00:00   #1
Braitna
 
Trojanische Pferd TR/Ransom.Foreign.dtbb - Standard

Trojanische Pferd TR/Ransom.Foreign.dtbb


Hallo,
mein Avira hat ein Trojaner entdeckt. Es handelt sich um TR/Ransom.Foreign.dtbb. Anbei die Auswertungen der beiden Scans. Leider hat OTL keine extra.txt generiert, so dass ich nur die OTL.txt posten kann.
Danke vorab!



OTL.txt

OTL logfile created on: 18.06.2013 00:50:01 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Paul\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,68 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 59,49% Memory free
7,36 Gb Paging File | 5,77 Gb Available in Paging File | 78,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141,07 Gb Total Space | 84,80 Gb Free Space | 60,11% Space Free | Partition Type: NTFS
Drive D: | 141,30 Gb Total Space | 141,10 Gb Free Space | 99,86% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.17 23:12:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
PRC - [2013.05.22 07:37:43 | 001,226,928 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013.05.22 07:37:43 | 001,015,984 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.03 08:44:38 | 000,027,904 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\ace_engine.exe
PRC - [2013.03.27 12:05:10 | 000,026,744 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\ace_update.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.11.08 11:55:40 | 000,898,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2012.08.09 20:28:32 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.05.29 20:15:52 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.29 20:15:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.29 20:15:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.09.19 15:58:26 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2011.08.10 21:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011.08.09 00:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011.01.23 20:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
PRC - [2011.01.23 20:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
PRC - [2010.12.24 18:34:06 | 004,546,896 | ---- | M] () -- C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe
PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.06.29 00:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.06.25 15:38:02 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.02.09 20:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe


========== Modules (No Company Name) ==========

MOD - [2013.05.22 07:37:43 | 000,158,384 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll
MOD - [2013.04.03 08:44:38 | 000,027,904 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\ace_engine.exe
MOD - [2013.03.27 12:05:10 | 000,026,744 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\ace_update.exe
MOD - [2013.02.14 22:04:23 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll
MOD - [2013.02.14 22:04:06 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013.01.29 18:20:40 | 000,082,944 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
MOD - [2013.01.29 18:20:40 | 000,066,048 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
MOD - [2013.01.14 22:33:50 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll
MOD - [2013.01.10 22:35:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 22:35:07 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013.01.10 22:34:11 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013.01.10 22:34:05 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013.01.10 22:34:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013.01.10 22:34:00 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013.01.10 22:33:55 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2012.11.14 18:00:08 | 000,018,944 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\pycompat.pyd
MOD - [2012.11.08 11:56:00 | 000,178,056 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2012.11.08 11:56:00 | 000,034,184 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2012.11.08 11:55:58 | 000,149,384 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2012.11.08 11:55:54 | 000,014,728 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2012.11.08 11:55:52 | 000,024,456 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2012.11.08 11:55:52 | 000,015,752 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2012.11.08 11:55:50 | 000,039,816 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2012.11.08 11:55:50 | 000,016,776 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2012.11.08 11:55:48 | 000,239,496 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2012.11.08 11:55:48 | 000,026,504 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2012.11.08 11:55:46 | 000,124,808 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2012.11.08 11:55:44 | 000,092,040 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2012.11.08 11:55:42 | 000,018,312 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2012.11.08 11:54:34 | 000,880,640 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2012.10.23 22:58:36 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2012.02.07 18:38:58 | 000,358,912 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
MOD - [2012.02.07 18:38:58 | 000,358,912 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
MOD - [2012.02.07 18:37:24 | 000,098,816 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
MOD - [2012.02.07 18:37:24 | 000,098,816 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
MOD - [2012.02.07 18:36:30 | 000,024,064 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd
MOD - [2012.02.07 18:36:30 | 000,024,064 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
MOD - [2012.02.07 18:36:08 | 000,111,616 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
MOD - [2012.02.07 18:36:08 | 000,111,616 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
MOD - [2012.02.07 18:35:46 | 000,110,080 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
MOD - [2012.02.07 18:35:46 | 000,110,080 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
MOD - [2011.09.22 22:17:00 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.09.22 22:16:57 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.08.09 00:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011.07.15 21:38:22 | 000,674,816 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
MOD - [2011.07.15 21:38:22 | 000,674,816 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
MOD - [2011.07.15 21:38:12 | 000,966,144 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
MOD - [2011.07.15 21:38:12 | 000,966,144 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
MOD - [2011.07.15 21:38:06 | 000,670,720 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
MOD - [2011.07.15 21:38:06 | 000,670,720 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
MOD - [2011.07.15 21:38:00 | 000,746,496 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
MOD - [2011.07.15 21:38:00 | 000,746,496 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
MOD - [2011.07.15 21:37:48 | 000,981,504 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
MOD - [2011.07.15 21:37:48 | 000,981,504 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
MOD - [2011.07.15 21:34:26 | 000,479,744 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_html_vc.dll
MOD - [2011.07.15 21:34:26 | 000,479,744 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_html_vc.dll
MOD - [2011.07.15 21:34:16 | 000,730,112 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_adv_vc.dll
MOD - [2011.07.15 21:34:16 | 000,730,112 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_adv_vc.dll
MOD - [2011.07.15 21:34:10 | 003,165,184 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\wxmsw28uh_core_vc.dll
MOD - [2011.07.15 21:34:10 | 003,165,184 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_core_vc.dll
MOD - [2011.07.15 21:33:40 | 000,122,368 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\wxbase28uh_net_vc.dll
MOD - [2011.07.15 21:33:40 | 000,122,368 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_net_vc.dll
MOD - [2011.07.15 21:33:38 | 001,300,992 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\wxbase28uh_vc.dll
MOD - [2011.07.15 21:33:38 | 001,300,992 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_vc.dll
MOD - [2011.06.12 15:09:18 | 000,720,896 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
MOD - [2011.06.12 15:09:18 | 000,720,896 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
MOD - [2011.06.12 15:09:18 | 000,038,400 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
MOD - [2011.06.12 15:09:18 | 000,038,400 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
MOD - [2011.06.12 15:06:24 | 000,152,576 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
MOD - [2011.06.12 15:06:24 | 000,152,576 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
MOD - [2011.06.12 15:06:22 | 000,287,232 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
MOD - [2011.06.12 15:06:22 | 000,287,232 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
MOD - [2011.06.12 15:06:22 | 000,106,496 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
MOD - [2011.06.12 15:06:22 | 000,011,776 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\select.pyd
MOD - [2011.06.12 15:06:22 | 000,011,776 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\select.pyd
MOD - [2011.06.12 15:06:20 | 000,688,128 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
MOD - [2011.02.13 17:02:12 | 000,031,232 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
MOD - [2011.01.23 20:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
MOD - [2011.01.23 20:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
MOD - [2011.01.18 23:56:22 | 000,334,336 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
MOD - [2011.01.18 23:56:22 | 000,334,336 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
MOD - [2010.12.24 18:34:06 | 004,546,896 | ---- | M] () -- C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe
MOD - [2010.10.11 00:23:52 | 000,723,968 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
MOD - [2010.06.29 00:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010.04.05 05:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epwizard.DLL
MOD - [2010.04.05 05:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\customui.dll
MOD - [2010.04.05 05:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epfunct.DLL
MOD - [2010.04.05 05:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\Eputil.DLL
MOD - [2010.04.05 05:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\Imagutil.DLL
MOD - [2010.04.01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebDRS.dll
MOD - [2010.04.01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll
MOD - [2009.06.23 06:11:04 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPOEMDll.dll
MOD - [2009.06.23 06:10:29 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epstring.dll
MOD - [2009.06.23 06:09:11 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPWizRes.dll
MOD - [2009.05.27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2009.04.28 02:56:29 | 000,024,064 | ---- | M] () -- C:\Windows\SysWOW64\LXEBsmr.dll
MOD - [2009.04.07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\iptk.dll
MOD - [2009.03.10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll
MOD - [2009.03.02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebptp.dll
MOD - [2009.02.20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEBsm.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010.04.14 14:56:23 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device)
SRV:64bit: - [2010.04.14 14:56:13 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2013.06.13 22:33:19 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.22 07:37:43 | 001,015,984 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
SRV - [2013.05.17 22:20:59 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.10.23 23:02:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2012.05.29 20:15:52 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.29 20:15:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.29 20:15:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.09.19 15:58:26 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011.08.10 21:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.25 09:08:30 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.06.11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.04.22 19:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV - [2010.04.14 14:56:13 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2010.04.14 14:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxebcoms.exe -- (lxeb_device)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.05.22 07:37:43 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.05.29 20:15:53 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.29 20:15:53 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.15 23:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.12 15:44:26 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011.04.04 14:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011.03.31 14:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.08.24 11:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.06.25 04:13:18 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.06.25 04:12:26 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.06.25 04:12:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.06.25 04:12:24 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.06.25 04:12:24 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.06.03 21:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.04.28 08:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.28 08:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.04.21 17:48:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.04.01 14:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010.03.11 14:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.26 23:02:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.03 13:08:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.01.29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009.01.29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008.07.10 18:20:40 | 000,040,448 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthav.sys -- (bthav)
DRV:64bit: - [2007.11.02 15:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://mysearch.avg.com/search?cid={BA3644B2-A3A1-409C-8697-AB92BDB22EAB}&mid=4dde6976442e48c29c13cc04f87867d7-94e35e6653a9e00b94b5e761c5de78fa85e251c3&lang=en&ds=ad011&pr=sa&d=2013-04-23 20:33:01&v=15.1.0.2&pid=safeguard&sg=2&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{D8E99AF9-10A1-4A8F-B8CA-3F2AADDEBFD3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=94e64d2f-f78a-4936-b91f-9873f67f98b1&apn_sauid=BD5A9EAC-7970-466C-AC08-5E3451FD08AE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: lieferheld%40extensions.partneraddons.de:1.5.3
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:15.2.0.5
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.18.100015
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.0.13.1: C:\Users\Paul\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.09.22 12:58:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2012.04.22 22:58:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.2.0.5 [2013.05.22 07:37:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.16 21:02:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\magicplayer@torrentstream.org: C:\Users\Paul\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2013.06.13 22:49:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.16 21:02:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011.09.26 21:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Extensions
[2013.05.20 14:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\lnhynr99.default\extensions
[2013.06.02 15:41:57 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\lnhynr99.default\extensions\toolbar@ask.com
[2012.03.21 22:59:02 | 000,190,619 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\lnhynr99.default\extensions\lieferheld@extensions.partneraddons.de.xpi
[2013.05.15 22:21:23 | 000,001,050 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\lnhynr99.default\searchplugins\11-suche.xml
[2012.11.26 21:24:56 | 000,002,413 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\lnhynr99.default\searchplugins\askcom.xml
[2013.05.15 22:21:23 | 000,002,418 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\lnhynr99.default\searchplugins\englische-ergebnisse.xml
[2013.05.15 22:21:23 | 000,010,701 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\lnhynr99.default\searchplugins\gmx-suche.xml
[2013.05.15 22:21:23 | 000,002,432 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\lnhynr99.default\searchplugins\lastminute.xml
[2013.05.15 22:21:23 | 000,005,682 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\lnhynr99.default\searchplugins\webde-suche.xml
[2013.05.17 22:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.17 22:20:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.05.17 22:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.17 22:21:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.22 07:37:50 | 000,000,000 | ---D | M] (AVG SafeGuard toolbar) -- C:\PROGRAMDATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\15.2.0.5
[2013.04.23 20:33:03 | 000,003,725 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxebmon.exe] C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe (Microsoft)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe (AVG Secure Search)
O4 - HKCU..\Run: [ACEStream] C:\Users\Paul\AppData\Roaming\ACEStream\engine\ace_engine.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://mail-hv.brunel.de/dwa7W.cab (Domino Web Access 7 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{270F84DB-CBD9-4F14-94C2-CF73B021DE83}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA2CB013-BC4B-46E7-8F44-F758F2A30A9B}: DhcpNameServer = 10.57.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{20d4b098-e866-11e0-ad72-60eb69979b66}\Shell - "" = AutoRun
O33 - MountPoints2\{20d4b098-e866-11e0-ad72-60eb69979b66}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{f87e0089-735f-11e1-a97d-60eb69979b66}\Shell - "" = AutoRun
O33 - MountPoints2\{f87e0089-735f-11e1-a97d-60eb69979b66}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.17 23:18:15 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Paul\Desktop\JRT.exe
[2013.06.17 23:12:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2013.06.13 21:44:31 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Xvgalove

========== Files - Modified Within 30 Days ==========

[2013.06.18 00:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.18 00:27:42 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.18 00:27:42 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.18 00:20:12 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.18 00:20:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.18 00:19:54 | 2962,300,928 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.17 23:53:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.17 23:49:15 | 000,000,000 | ---- | M] () -- C:\Users\Paul\defogger_reenable
[2013.06.17 23:43:51 | 000,377,856 | ---- | M] () -- C:\Users\Paul\Desktop\gmer_2.1.19163.exe
[2013.06.17 23:34:35 | 000,050,477 | ---- | M] () -- C:\Users\Paul\Desktop\Defogger.exe
[2013.06.17 23:18:20 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Paul\Desktop\JRT.exe
[2013.06.17 23:16:58 | 013,169,742 | ---- | M] () -- C:\Users\Paul\Desktop\mbar-1.06.0.1003.zip
[2013.06.17 23:12:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2013.05.26 22:43:41 | 000,003,725 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013.05.22 07:37:43 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

========== Files Created - No Company Name ==========

[2013.06.17 23:49:15 | 000,000,000 | ---- | C] () -- C:\Users\Paul\defogger_reenable
[2013.06.17 23:43:50 | 000,377,856 | ---- | C] () -- C:\Users\Paul\Desktop\gmer_2.1.19163.exe
[2013.06.17 23:34:35 | 000,050,477 | ---- | C] () -- C:\Users\Paul\Desktop\Defogger.exe
[2013.06.17 23:16:40 | 013,169,742 | ---- | C] () -- C:\Users\Paul\Desktop\mbar-1.06.0.1003.zip
[2013.05.22 07:37:44 | 000,003,725 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2012.11.23 21:04:05 | 000,010,639 | ---- | C] () -- C:\Users\Paul\RattePol_elster_2048.pfx
[2012.04.21 12:05:07 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebserv.dll
[2012.04.21 12:05:07 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebusb1.dll
[2012.04.21 12:05:07 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomc.dll
[2012.04.21 12:05:07 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebhbn3.dll
[2012.04.21 12:05:07 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebpmui.dll
[2012.04.21 12:05:07 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcoms.exe
[2012.04.21 12:05:07 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeblmpm.dll
[2012.04.21 12:05:07 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcfg.exe
[2012.04.21 12:05:07 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomm.dll
[2012.04.21 12:05:07 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebinpa.dll
[2012.04.21 12:05:07 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxebcomx.dll
[2012.04.21 12:05:07 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebiesc.dll
[2012.04.21 12:05:07 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEBinst.dll
[2012.04.21 12:05:07 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebih.exe
[2012.04.21 12:05:07 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxebins.dll
[2012.04.21 12:05:07 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxebinsb.dll
[2012.04.21 12:05:07 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxebcu.dll
[2012.04.21 12:05:07 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxebinsr.dll
[2012.04.21 12:05:07 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxebcub.dll
[2012.04.21 12:05:07 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxebjswr.dll
[2012.04.21 12:05:07 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxebcur.dll
[2012.04.21 12:04:46 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEBsm.dll
[2012.04.21 12:04:46 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEBsmr.dll
[2012.04.16 21:08:01 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.04.01 17:57:11 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.04.30 22:43:36 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\.ACEStream
[2013.04.23 20:41:26 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ACEStream
[2012.11.11 15:50:41 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\elsterformular
[2011.11.20 12:39:12 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\motorola
[2011.09.27 19:42:19 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Thunderbird
[2013.06.17 20:56:32 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Xvgalove

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE

< End of report >





Gmer.txt

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-18 00:16:36
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Paul\AppData\Local\Temp\fwldapow.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075881465 2 bytes [88, 75]
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758814bb 2 bytes [88, 75]
.text ... * 2
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075881465 2 bytes [88, 75]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758814bb 2 bytes [88, 75]
.text ... * 2
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075881465 2 bytes [88, 75]
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758814bb 2 bytes [88, 75]
.text ... * 2
.text C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075881465 2 bytes [88, 75]
.text C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758814bb 2 bytes [88, 75]
.text ... * 2
.text C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[3796] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000747311a8 2 bytes [73, 74]
.text C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[3796] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000747313a8 2 bytes [73, 74]
.text C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[3796] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000074731422 2 bytes [73, 74]
.text C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[3796] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000074731498 2 bytes [73, 74]
.text C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[3796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000074621b41 2 bytes [62, 74]
.text C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[3796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000074621be8 2 bytes [62, 74]
.text C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[3796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000074621c20 2 bytes [62, 74]
.text C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[3796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000074621cd2 2 bytes [62, 74]
.text C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[3796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000074621cf2 2 bytes [62, 74]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075881465 2 bytes [88, 75]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758814bb 2 bytes [88, 75]
.text ... * 2
.text C:\Windows\SysWOW64\RunDll32.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075881465 2 bytes [88, 75]
.text C:\Windows\SysWOW64\RunDll32.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758814bb 2 bytes [88, 75]
.text ... * 2
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075881465 2 bytes [88, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758814bb 2 bytes [88, 75]
.text ... * 2
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075881465 2 bytes [88, 75]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758814bb 2 bytes [88, 75]
.text ... * 2
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075881465 2 bytes [88, 75]
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758814bb 2 bytes [88, 75]
.text ... * 2
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4208] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075881465 2 bytes [88, 75]
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4208] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000758814bb 2 bytes [88, 75]
.text ... * 2

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!FreeLibraryAndExitThread] [10002370] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateThread] [100034e0] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryA] [100011e0] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5088:4948] 000007fefb162a88
Thread C:\Windows\System32\svchost.exe [4776:4732] 000007fef49b9688

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a310
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46ae06d37
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46ae06d37 (not active ControlSet)

---- EOF - GMER 2.1 ----

 

Themen zu Trojanische Pferd TR/Ransom.Foreign.dtbb
adobe, antivir, autorun, avg, avg secure search, avira, avira searchfree toolbar, bho, cid, explorer, firefox, flash player, format, google, home, launch, logfile, mozilla, opera, plug-in, ransom, realtek, registry, rundll, secure search, security, software, svchost.exe, temp, tr/ransom.foreign.dtbb, trojaner, vtoolbarupdater, windows


« Win.Trojan 588749, Win.Trojan.Bamital 1158, Win.Trojan.Agent 382794 | Trojan.bebloh und Angriff durch Trojan.Ransomlock.P Activity 2 »


Ähnliche Themen: Trojanische Pferd TR/Ransom.Foreign.dtbb


  1. deeprybka: Trojan-Ransom.Win32.Foreign ist weg
    Lob, Kritik und Wünsche - 29.06.2014 (1)
  2. Trojaner: Trojan-Ransom.Win32.Foreign blockiert Rechner
    Plagegeister aller Art und deren Bekämpfung - 26.06.2014 (19)
  3. Trojan.Ransom.Win32.Foreign.kvfa gefunden in C:\Documents and Settings\Carmen\Downloads\2014_05rechnungonline_8290485236sign.zip
    Log-Analyse und Auswertung - 01.06.2014 (21)
  4. lenovo x61 mit Win 7, Trojan-Ransom.Win32.Foreign.doov und weitere
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (5)
  5. TR/Ransom.Foreign.hjrz
    Plagegeister aller Art und deren Bekämpfung - 23.11.2013 (45)
  6. Meldung von ZoneAlarm: Trojan-Ransom.Win32.Foreign.fvto erkannt
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (19)
  7. trojan-ransom.win32.foreign.bnpm entdeckt in e-mail anhang!
    Log-Analyse und Auswertung - 19.07.2013 (4)
  8. Trojan-Ransom.Win32.Foreign.abjw - alle Daten verschlüsselt, was tun?
    Plagegeister aller Art und deren Bekämpfung - 18.07.2013 (15)
  9. trojan-ransom.win32.foreign.dfos eventuell versehentlich geöffnet
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (14)
  10. Mahnungsmail mit ZIP Datei - Trojan-Ransom.Win32.Foreign.cjue
    Plagegeister aller Art und deren Bekämpfung - 02.06.2013 (30)
  11. Ransom.Win32.Foreign / Trojan-Downloader.Java / Exploit.Java (Bildschirm weiß)
    Log-Analyse und Auswertung - 19.05.2013 (6)
  12. Trojan-Ransom.Win32.Foreign.abjw
    Log-Analyse und Auswertung - 23.04.2013 (11)
  13. Trojaner ( TR/ransom.foreign.acdb.1) von Avira entdeckt, Outlook funktioniert nicht mehr, PC langsam
    Plagegeister aller Art und deren Bekämpfung - 19.02.2013 (2)
  14. Win7 ransomware wgsdgsdgdsgsd.dll, Win32/Reveton!lnk (runctf.lnk), Trojan.Ransom.Win32.Foreign.AMN (A)
    Plagegeister aller Art und deren Bekämpfung - 30.12.2012 (9)
  15. Bundestrojaner Trojan-Ransom.win32.Foreign.oja usw.
    Log-Analyse und Auswertung - 14.05.2012 (17)
  16. Bankentrojaner? Antivir findet u.a das Trojanische Pferd TR/Ransom.bxra
    Plagegeister aller Art und deren Bekämpfung - 04.01.2012 (19)
  17. Trojanische Pferd TR/Agent.anq.5 Trojanische Pferd TR/Crypt.FKM.Gen Trojanische Pfe
    Log-Analyse und Auswertung - 18.06.2007 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojanische Pferd TR/Ransom.Foreign.dtbb - Hallo, mein Avira hat ein Trojaner entdeckt. Es handelt sich um TR/Ransom.Foreign.dtbb. Anbei die Auswertungen der beiden Scans. Leider hat OTL keine extra.txt generiert, so dass ich nur die OTL.txt - Trojanische Pferd TR/Ransom.Foreign.dtbb...
Archiv
Du betrachtest: Trojanische Pferd TR/Ransom.Foreign.dtbb auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55